Welcome to AlienVault Open Threat Exchange!

The world’s first truly open threat intelligence community that enables
collaborative defense with actionable, community-powered threat data.

World's First Open Threat Intelligence Community

Threat sharing in the security industry remains mainly ad-hoc and informal, filled with blind spots, frustration, and pitfalls. Our vision is for companies and government agencies to gather and share relevant, timely, and accurate information about new or ongoing cyberattacks and threats as quickly as possible to avoid major breaches (or minimize the damage from an attack). AlienVault’s Open Threat Exchange (OTX) delivers the first truly open threat intelligence community that makes this vision a reality.

How OTX Works

AlienVault OTX provides open access to a global community of threat researchers and security professionals. It delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from any source. OTX enables anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, strengthening your defenses while helping others do the same.

AlienVault OTX Pulse

Pulses provide you with a summary of the threat, a view into the software
targeted, and the related indicators of compromise (IoC) that can be used
to detect the threats.

IoCs include:

File Hashes: MD5, SHA1, SHA256, PEHASH, IMPHASH

CIDR Rules

File Paths

MUTEX name

CVE number

IP addresses

Domains

Hostnames (subdomains)

Email

URL

URI

Pulses make it easy for you to answers questions like:

Is my environment exposed to this threat?

Is this relevant to my organization?

Who is behind this, and what are their motives?

What are they targeting in my environment?

Drag & drop any blog post or threat report from any source to create new pulses

Create a pulse or add additional IoCs into an existing pulse when observing suspicious or malicious behavior

Open Access to the Threat Intelligence Community

Security research tends to be an insular process and rarely do individuals or groups share threat data with one another. This is due to lack of trust, internal policies, or simply the inability to get the information out to the masses. OTX helps to solve this problem with the ability to subscribe or follow the most trusted pulses in the community.

Subscribe to pulses and use the DirectConnect feature to automatically update your security products.

Follow OTX contributors and get valuable insight into their recently researched threats.

Openly Research & Collaborate on Emerging Threats

The traditional threat sharing model is a one-way communication between researchers/vendors and subscribers. There is no way for subscribers to interact with peers or threat researchers on emerging threats, as each recipient is isolated from each other. That’s why we built OTX — to change the way we all create, collaborate, and consume threat data.

Integrate with AlienVault USM
& Export IoCs to Any Security Product

Most threat data sharing products or services are expensive and/or overly complex. Users often find themselves buying multiple services since the traditional, isolated, approach to threat data limits their ability to export threat data from one tool to another. OTX provides several methods for your security tools to ingest pulse data, allowing you to react quickly and more efficiently to any threats.

Direct Integration with USM

Automatically instrument your built-in IDS capability within USM deployments, as well as third party security tools, with the latest actionable threat data from community-generated pulses.